CBOR Web Token (CWT) Claims

Created
2018-03-22
Last Updated
2021-08-31
Available Formats

XML

HTML

Plain text

Registries included below

CBOR Web Token (CWT) Claims

Expert(s)
Mike Jones, Hannes Tschofenig, Chuck Mortimore, Ludwig Seitz
Reference
[RFC8392]
Note
Registration requests should be sent to the mailing list described in [RFC8392].
    
Available Formats

CSV
Range Registration Procedures
Integer values from -256 to 255 Standards Action
Integer values from -65536 to -257 Specification Required
Integer values from 256 to 65535 Specification Required
Integer values greater than 65535 Expert Review
Strings of length 1 Standards Action
Strings of length 2 Specification Required
Strings of length greater than 2 Expert Review
Claim Name Claim Description JWT Claim Name Claim Key Claim Value Type Change Controller Reference
Reserved for Private Use less than -65536 [RFC8392]
Unassigned -65536 to -261
hcert Health Certificate hcert -260 map [European_eHealth_Network] [Electronic Health Certificate Specification]
EUPHNonce Challenge Nonce EUPHNonce -259 bstr [FIDO_Alliance] [FIDO Device Onboard Specification]
EATMAROEPrefix Signing prefix for multi-app restricted operating environments EATMAROEPrefix -258 bstr [FIDO_Alliance] [FIDO Device Onboard Specification]
EAT-FDO EAT-FDO may contain related to FIDO Device Onboarding EAT-FDO -257 array [FIDO_Alliance] [FIDO Device Onboard Specification]
Unassigned -256 to -1
Reserved This registration reserves the key value 0 0 [IESG] [RFC8392]
iss Issuer iss 1 text string [IESG] [RFC8392]
sub Subject sub 2 text string [IESG] [RFC8392]
aud Audience aud 3 text string [IESG] [RFC8392]
exp Expiration Time exp 4 integer or floating-point number [IESG] [RFC8392]
nbf Not Before nbf 5 integer or floating-point number [IESG] [RFC8392]
iat Issued At iat 6 integer or floating-point number [IESG] [RFC8392]
cti CWT ID jti 7 byte string [IESG] [RFC8392]
cnf Confirmation cnf 8 map [IESG] [RFC8747]
scope The scope of an access token as defined in [RFC6749]. scope 9 byte string or text string [IESG] [RFC8693, Section 4.2]
Unassigned 10 to 37
ace_profile The ACE profile a token is supposed to be used with. ace_profile 38 integer [IETF] [RFC-ietf-ace-oauth-authz-45, Section 5.10]
cnonce The client-nonce sent to the AS by the RS via the client. cnonce 39 byte string [IETF] [RFC-ietf-ace-oauth-authz-45, Section 5.10]
exi The expiration time of a token measured from when it was received at the RS in seconds. exi 40 integer [IETF] [RFC-ietf-ace-oauth-authz-45, Section 5.10.3]
Unassigned 41 to 65535

CWT Confirmation Methods

Registration Procedure(s)
Specification Required
Expert(s)
Ludwig Seitz, Mike Jones
Reference
[RFC8747]
Note
Registration requests should be sent to the mailing list described in [RFC8747].
    
Available Formats

CSV
Confirmation Method Name Confirmation Method Description JWT Confirmation Method Name Confirmation Key Confirmation Value Type Change Controller Reference
COSE_Key COSE_Key Representing Public Key jwk 1 COSE_Key structure [IESG] [RFC8747, Section 3.2]
Encrypted_COSE_Key Encrypted COSE_Key jwe 2 COSE_Encrypt or COSE_Encrypt0 structure (with an optional corresponding COSE_Encrypt or COSE_Encrypt0 tag) [IESG] [RFC8747, Section 3.3]
kid Key Identifier kid 3 binary string [IESG] [RFC8747, Section 3.4]
osc OSCORE_Input_Material carrying the parameters for using OSCORE per-message security with implicit key confirmation osc 4 map [IETF] [RFC-ietf-ace-oscore-profile-19, Section 3.2.1]

Contact Information

ID Name Contact URI Last Updated
[European_eHealth_Network] European eHealth Network mailto:jakob&kirei.se 2021-04-15
[FIDO_Alliance] FIDO Alliance mailto:iana-request&fidoalliance.org 2021-03-05
[IESG] IESG mailto:iesg&ietf.org 2018-05-04
[IETF] IETF mailto:iesg&ietf.org